Why there are three rounds of message exchanges for integrated windows authentication for IE

Posted by user197658 on Server Fault See other posts from Server Fault or by user197658
Published on 2013-11-08T00:16:41Z Indexed on 2013/11/08 3:58 UTC
Read the original article Hit count: 400

Filed under:

kerberos

|

internet-explorer

|

ntlm

According to the result monitored by fiddler, there are totally 3 handshakes for integrated windows authentication for IE.

GET /home

-

401 Unauthorized

WWW-Authenticate: Negotiate, NTLM

GET /home

Authorization: Negotiate UYTYGHGYKHKJPPP-===

-

401 Unauthorized

WWW-Authenticate: Negotiate UYUGKJKJKJ+++766==

Get /home

Authorization: Negotiate HJGKJLJLJ+++===

-

200 OK

WWW-Authenticate: Negotiate UHLKJKJKJJLK===

Who knows what concrete things are done for the three, especially the 2nd one.

P.S. The network environment is work group mode, other than domain mode, and the server is a website hosted on my local PC. In other words, the client (IE) & the server are both in the same machine.

© Server Fault or respective owner

Related posts about kerberos

NFS (with Kerberos) mount failing due to "Server not found in Kerberos database" error

as seen on Server Fault - Search for 'Server Fault'
When running: `sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt` I get this error on the client: mount.nfs4: access denied by server while mounting sol.domain.com:/ And on the server syslogs UNKNOWN_SERVER: authtime 0, nfs/[email protected] for nfs/ip-#-#-#-#.ec2.internal@SOL… >>> More
Enabling Kerberos Authentication for Reporting Services

as seen on SQL Blogcasts - Search for 'SQL Blogcasts'
Recently, I’ve helped several customers with Kerberos authentication problems with Reporting Services and Analysis Services, so I’ve decided to write this blog post and pull together some useful resources in one place (there are 2 whitepapers in particular that I found invaluable configuring Kerberos… >>> More
Relative security of SAML vs Kerberos

as seen on Server Fault - Search for 'Server Fault'
Does anyone have any info/links on the relative security of SAML vs Kerberos. I believe I grasp the differences between the two, and what they mean for my particular application, but to decided between the two, knowing which is more secure, if either, would be a valuable bit of info. >>> More
Confusion about Kerberos, delegation and SPNs.

as seen on Server Fault - Search for 'Server Fault'
I already posted this question on SO, but the nature of it is between programming and server configuration, so I'll re-post it here as well. I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to working (I'm authenticating… >>> More
Kerberos & signle-sign-on for website

as seen on Server Fault - Search for 'Server Fault'
I have a website running on a Linux computer using Apache. I've employed mod_auth_kerb for single-sign-on Kerberos authentication against a Windows Active Directory server. In order for Kerberos to work correctly, I've created a service account in Active Directory called dummy. I've generated a… >>> More

Related posts about internet-explorer

Windows 8: Is Internet Explorer10 Metro mode disabled? Here is the fix.

as seen on Tech Dreams - Search for 'Tech Dreams'
Are you having issues with Internet Explorer 10 on Windows 8? Is Internet Explorer 10 application not launching in Metro mode and always launching in Desktop mode? Continue reading the post to understand and fix the problem. When Internet Explorer 10 does not launch in Metro mode? On Windows 8 when… >>> More
Our Look at the Internet Explorer 9 Platform Preview

as seen on How to geek - Search for 'How to geek'
Have you been hearing all about Microsoft’s work on Internet Explorer 9 and are curious about it? If you are wanting a taste of the upcoming release then join us as we take a look at the Internet Explorer 9 Platform Preview. Note: Windows Vista and Server 2008 users may need to install a Platform… >>> More
Edit Text in a Webpage with Internet Explorer 8

as seen on How to geek - Search for 'How to geek'
Internet Explorer is often decried as the worst browser for web developers, but IE8 actually offers a very nice set of developer tools. Here we’ll look at a unique way to use them to edit the text on any webpage. How to edit text in a webpage IE8’s developer tools make it easy to make changes… >>> More
Edit Text in a Webpage with Internet Explorer 8

as seen on How to geek - Search for 'How to geek'
Internet Explorer is often decried as the worst browser for web developers, but IE8 actually offers a very nice set of developer tools. Here we’ll look at a unique way to use them to edit the text on any webpage. How to edit text in a webpage IE8’s developer tools make it easy to make changes… >>> More
Jquery Selector not working on Internet Explorer

as seen on Stack Overflow - Search for 'Stack Overflow'
Internet Explorer does not like my Jquery selector. Not sure if it's my weak Jquery skills or general Explorer strangeness. Here is the Code: $("#field_"+index+" #field_Label").val(); [div field_1] <input id="field_Label" //... you get the picture. to explain this.. I have a DIV labeled… >>> More